PSARC/2002/665 auditd interface reclassification

6647954 implement the removal of audit_data(4) as noted in PSARC/2002/665

6 files changed, 56 insertions, 58 deletions

diff --git a/usr/src/cmd/audit_warn/audit_warn.sh b/usr/src/cmd/audit_warn/audit_warn.sh
index 7f1cf95926..f5cb90d998 100644
--- a/usr/src/cmd/audit_warn/audit_warn.sh
+++ b/usr/src/cmd/audit_warn/audit_warn.sh
@@ -20,9 +20,7 @@
 # CDDL HEADER END
 #
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 
@@ -171,14 +169,22 @@ do
 			break
 			;;
 
-	"tmpfile" )	# Check tempfile arg
-			# The tempfile used by the audit daemon could not
-			# be opened even though it was unlinked.
-			# This error will cause the audit daemon to exit.
+	"tmpfile" )	# Check tmpfile arg
+			# The tmpfile used by the audit daemon (binfile) could
+			# not be opened even unlinked or symlinked.
+			# This error will cause the audit daemon to exit at
+			# start.  If it occurs later the audit daemon will
+			# attempt to carry on.
 
+			if [ ! -n "$2" ]
+			then
+				$DEBUG_OUT "$0: Need error string arg with 'tmpfile'!"
+				exit 1
+			else
+				ERROR=$2
+			fi
 			# Set message
-			MESSAGE="The audit daemon can not open audit_tmp.\
-  This implies a serious problem.  The audit daemon has exited!"
+			MESSAGE="The audit daemon is unable to update /var/run, error=$ERROR.\n This implies a serious problem."
 
 			send_msg
 
diff --git a/usr/src/cmd/auditd/auditd.c b/usr/src/cmd/auditd/auditd.c
index f97e34f384..3f52efdd76 100644
--- a/usr/src/cmd/auditd/auditd.c
+++ b/usr/src/cmd/auditd/auditd.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -280,7 +280,7 @@ main(int argc, char *argv[])
 	 */
 	(void) umask(007);
 
-	if (__logpost("")) {	/* Open the audit_data file. */
+	if (__logpost("")) {	/* Cannot unlink pointer to audit.log file. */
 		DPRINT((dbfp, "logpost failed\n"));
 		auditd_exit(4);
 	}
diff --git a/usr/src/lib/auditd_plugins/binfile/binfile.c b/usr/src/lib/auditd_plugins/binfile/binfile.c
index f30f9871a1..d7b05877c7 100644
--- a/usr/src/lib/auditd_plugins/binfile/binfile.c
+++ b/usr/src/lib/auditd_plugins/binfile/binfile.c
@@ -18,9 +18,8 @@
  *
  * CDDL HEADER END
  */
-
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * write binary audit records directly to a file.
@@ -68,7 +67,6 @@
 
 #define	AUDIT_DATE_SZ	14
 #define	AUDIT_FNAME_SZ	2 * AUDIT_DATE_SZ + 2 + MAXHOSTNAMELEN
-#define	AUDIT_BAK_SZ	50	/* size of name of audit_data back-up file */
 
 			/* per-directory status */
 #define	SOFT_SPACE	0	/* minfree or less space available	*/
@@ -269,7 +267,7 @@ loadauditlist(char *dirstr, char *minfreestr)
 	    acresult == 2 || acresult == -3) {
 		/*
 		 * loop if the result is 0 (success), 2 (a warning
-		 * that the audit_data file has been rewound),
+		 * that the audit_control file has been rewound),
 		 * or -3 (a directory entry was found, but it
 		 * was badly formatted.
 		 */
@@ -1057,6 +1055,8 @@ auditd_plugin_close(char **error)
 
 	DPRINT((dbfp, "binfile:  closed\n"));
 
+	(void) __logpost("");
+
 	if (binfile_is_open) {
 		(void) pthread_mutex_destroy(&log_mutex);
 		binfile_is_open = 0;
diff --git a/usr/src/lib/libbsm/common/audit_plugin.c b/usr/src/lib/libbsm/common/audit_plugin.c
index 55015e2a52..76c69f01e1 100644
--- a/usr/src/lib/libbsm/common/audit_plugin.c
+++ b/usr/src/lib/libbsm/common/audit_plugin.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * private interfaces for auditd plugins and auditd.
@@ -65,12 +65,8 @@ init_syslog_mutex()
  * the previous, the app_name hasn't changed.
  */
 void
-__audit_syslog(
-	const char *app_name,
-	int flags,
-	int facility,
-	int severity,
-	const char *message)
+__audit_syslog(const char *app_name, int flags, int facility, int severity,
+    const char *message)
 {
 	static pthread_once_t	once_control = PTHREAD_ONCE_INIT;
 	static int		logopen = 0;
@@ -216,43 +212,41 @@ __audit_dowarn2(char *option, char *name, char *error, char *text, int count)
 }
 
 /*
- * logpost - post the new audit log file name to audit_data.
+ * logpost - post the new audit log file name.
+ *
+ *	Entry	name = active audit.log file name
+ *			NULL, if checking writability (auditd),
+ *			changing audit log files, error, or exiting (binfile).
+ *
+ *	Exit	0 = success
+ *		1 = system error -- errno
+ *		    audit_warn called with the specific error
  *
- * This is not re-entrant code; it is called from auditd.c when
- * audit_binfile.so is not running and from binfile after auditd
- * is done.
  */
 int
 __logpost(char *name)
 {
-	char	buffer[MAXPATHLEN];
-	char	empty[] = "";
+	int lerrno;
 
-	static int	first = 1;
-	static char	auditdata[] = AUDITDATAFILE;
-	static int	audit_data_fd; /* file descriptor of audit_data */
+	if (unlink(BINFILE_FILE) != 0 &&
+	    errno != ENOENT) {
 
-	if (first) {
-		first = 0;
-		/*
-		 * Open the audit_data file. Use O_APPEND so that the contents
-		 * are not destroyed if there is another auditd running.
-		 */
-		if ((audit_data_fd = open(auditdata,
-		    O_RDWR | O_APPEND | O_CREAT, 0660)) < 0) {
-			__audit_dowarn("tmpfile", "", 0);
-			return (1);
-		}
+		lerrno = errno;
+		__audit_dowarn("tmpfile", strerror(errno), 0);
+		errno = lerrno;
+		return (1);
 	}
-	if (name == NULL)
-		name = empty;
-
-	(void) snprintf(buffer, sizeof (buffer), "%d:%s\n",
-	    (int)getpid(), name);
+	if (name == NULL || *name == '\0') {
+		/* audit_binfile not active, no file pointer */
+		return (0);
+	}
+	if (symlink(name, BINFILE_FILE) != 0) {
 
-	(void) ftruncate(audit_data_fd, (off_t)0);
-	(void) write(audit_data_fd, buffer, strlen(buffer));
-	(void) fsync(audit_data_fd);
+		lerrno = errno;
+		__audit_dowarn("tmpfile", strerror(errno), 0);
+		errno = lerrno;
+		return (1);
+	}
 
 	return (0);
 }
diff --git a/usr/src/lib/libbsm/common/audit_plugin.h b/usr/src/lib/libbsm/common/audit_plugin.h
index ac3277853c..740931bed6 100644
--- a/usr/src/lib/libbsm/common/audit_plugin.h
+++ b/usr/src/lib/libbsm/common/audit_plugin.h
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * This is an unstable interface; changes may be made without
@@ -30,14 +29,14 @@
 #ifndef	_AUDIT_PLUGIN_H
 #define	_AUDIT_PLUGIN_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdio.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#define	BINFILE_FILE	"/var/run/.audit.log"
+
 void __audit_syslog(const char *, int, int, int, const char *);
 void __audit_dowarn(char *, char *, int);
 void __audit_dowarn2(char *, char *, char *, char *, int);
diff --git a/usr/src/lib/libbsm/common/libbsm.h b/usr/src/lib/libbsm/common/libbsm.h
index bf0f4ea76d..2353076027 100644
--- a/usr/src/lib/libbsm/common/libbsm.h
+++ b/usr/src/lib/libbsm/common/libbsm.h
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -264,7 +264,6 @@ extern int	setauid(au_id_t *);
 /* system audit files for auditd */
 #define	AUDITCLASSFILE		"/etc/security/audit_class"
 #define	AUDITCONTROLFILE	"/etc/security/audit_control"
-#define	AUDITDATAFILE		"/etc/security/audit_data"
 #define	AUDITEVENTFILE		"/etc/security/audit_event"
 #define	AUDITUSERFILE		"/etc/security/audit_user"